Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE): Talks/Presentations http://lersse-dl.ece.ubc.ca
Latest documents in Talks/Presentations, Fri, 22 Feb 2019 14:48:30 GMT
Architectural Separation of Authorization and Application Logic in Distributed Systems http://lersse-dl.ece.ubc.ca/record/24
Security is an essential feature of and foremost concern for enterprise software systems. Today, application-level access control (and other security) functions are based on complex, fine-grained and/or context-dependent policies, and thus are largely embedded in application systems. This results in multiple-point security control, which makes system integration and security administration tremendously difficult, costly and error-prone. In this talk, we present our ongoing effort to address the above problems and to achieve the objectives of application access control by integrating the latest results in distributed object technology and software security under an architecture-centered approach for system composition. The main direction of our approach is the development of an open, adaptive and application-independent distributed authorization service based on emerging middleware standards such as CORBA. The service provides authorization decisions to distributed application systems. It establishes the structural basis for system composition, and for ensuring overall performance, availability and reliability of enterprise-wide authorization services. The use of an external authorization service promises to overcome most of the drawbacks of coupling authorization logic with application logic. The same approach might be generalized and applied to other security properties of distributed application systems. However, several important questions have to be addressed before the approach can be considered viable. We expect the study to show (1) if the architectural separation of functional and nonfunctional system properties is viable for contemporary distributed computing technologies in general, and (2) if authorization logic can be effectively decoupled from application logic in particular. The research has direct implications for the practice of constructing distributed application systems.
The talk was given at:
* Department of Computer Science, Middlesex College, The University of Western Ontario, London, ON, Canada, 30 May.
* Department of Computer Science, York University, Toronto, ON, Canada, 29 May.
* IBM Zurich Research Laboratory, Rüeschlikon, Switzerland, 22 May.
* Erik Jonsson School of Engineering and Computer Science, The University of Texas at Dallas, TX, USA, 1 May.
* Computer and Information Sciences Department, Temple University, Philadelphia, PA, USA, 11 April.

Konstantin Beznosov
Mon, 27 Apr 2009 18:15:15 GMT
http://lersse-dl.ece.ubc.ca/record/24
2005-10-16

An Overview of The Ongoing Research at LERSSE http://lersse-dl.ece.ubc.ca/record/19
This presentation provides an overview of the research projects under way at the Laboratory for Education and Research in Secure Systems Engineering (LERSSE).

Konstantin Beznosov
Mon, 27 Apr 2009 18:14:40 GMT
http://lersse-dl.ece.ubc.ca/record/19
2005-10-16

Access Control Architectures: COM+ vs. EJB http://lersse-dl.ece.ubc.ca/record/17
This tutorial provides an overview of access control mechanisms in the two most popular commercial middleware technologies, COM+ and EJB. Three main aspects of the mechanisms are explained: a) how enforcement of the access control policies is done, b) the main elements of each technology's access control model, and c) the types of policies supported. The technologies are compared against each other with respect to access control. Their advantages and disadvantages are discussed.

Konstantin Beznosov
Mon, 27 Apr 2009 18:14:35 GMT
http://lersse-dl.ece.ubc.ca/record/17
2005-10-16

Access Control http://lersse-dl.ece.ubc.ca/record/16
Learning objectives: Comprehend the principles behind access control mechanisms used in today's:
* operating systems,
* middleware,
* virtual machines.

Overview: In this module, the principles behind access control mechanisms and policies employed in today's operating systems, middleware, and virtual machines are studied. Two key principles are at the basis of all protection mechanisms:
* the Trusted Computing Base (TCB)
* the Reference Monitor.

Generic representations of access control policies follow:
* Lampson Access Matrix, and its optimized forms,
* Access Control Lists (ACLs)
* Capabilities.

The focus shifts to the main types of access control policies:
* owner-based Discretionary Access Control (DAC),
* lattice-based Mandatory Access Control (MAC),
* Chinese Wall model,
* Clark-Wilson model, and
* role-based access control (RBAC).

Konstantin Beznosov
Mon, 27 Apr 2009 18:14:33 GMT
http://lersse-dl.ece.ubc.ca/record/16
2005-10-16

A Study of Three Workstation-Server Architectures for Object Oriented Database Systems http://lersse-dl.ece.ubc.ca/record/15
It presents a paper by David DeWitt, et al. "A Study of Three Workstation-Server Architectures for Object Oriented Database Systems".

Konstantin Beznosov
Mon, 27 Apr 2009 18:14:30 GMT
http://lersse-dl.ece.ubc.ca/record/15
2005-10-16

A Framework for Implementing Role-based Access Control Using CORBA Security Service http://lersse-dl.ece.ubc.ca/record/13
The presentation shows how role-based access control (RBAC) models could be implemented using CORBA Security service. A configuration of CORBA protection system is defined. We provide definitions of RBAC0 and RBAC1 implementations in the framework of CORBA Security and describe what is required from an implementation of CORBA Security service in order to support RBAC0-RBAC3 models.

Outline:
- CORBA access control model
- Definition of CORBA protection state configuration
- Framework for implementing RBAC models using CORBA Security Service
- Example configurations of CORBA protection state that support RBAC models

Konstantin Beznosov
Mon, 27 Apr 2009 18:12:32 GMT
http://lersse-dl.ece.ubc.ca/record/13
2005-10-16

A Framework for Implementing Role-based Access Control Using CORBA Security Service http://lersse-dl.ece.ubc.ca/record/12
The presentation shows how role-based access control (RBAC) models could be implemented using CORBA Security service. A configuration of CORBA protection system is defined. We provide definitions of RBAC0 and RBAC1 implementations in the framework of CORBA Security and describe what is required from an implementation of CORBA Security service in order to support RBAC0-RBAC3 models.

Outline:
- CORBA access control model
- Definition of CORBA protection state configuration
- Framework for implementing RBAC models using CORBA Security Service
- Example configurations of CORBA protection state that support RBAC models

Konstantin Beznosov
Mon, 27 Apr 2009 18:10:57 GMT
http://lersse-dl.ece.ubc.ca/record/12
2005-10-16

A Design of An Authorization Service http://lersse-dl.ece.ubc.ca/record/11
Outline:
• CORBA security model
• What CORBA Access Model does [not] Cover
• Healthcare Resource Access Control (H-RAC) high level view
• Authorization Service framework design details

Konstantin Beznosov
Mon, 27 Apr 2009 18:05:54 GMT
http://lersse-dl.ece.ubc.ca/record/11
2005-10-16

Accountability and Availability http://lersse-dl.ece.ubc.ca/record/9
Learning objectives: Comprehend the principles of security accountability and availability.

Overview: Key principles of security accountability and availability are outlined and applied to application design, implementation and deployment. The impact of security audit and non-repudiation on accountability is reviewed. General concepts of security, and fault tolerance in particular, are discussed:
* errors,
* faults,
* failures,
* failure modes,
* the Byzantine generals problem.

Exposure to both security attacks designed to hamper the accountability and availability properties of systems, and available countermeasures is provided.

Konstantin Beznosov
Mon, 27 Apr 2009 17:52:32 GMT
http://lersse-dl.ece.ubc.ca/record/9
2005-10-16

A Security Analysis of the IEEE 1588 Standard http://lersse-dl.ece.ubc.ca/record/5
Jeanette Tsang
Mon, 27 Apr 2009 17:49:22 GMT
http://lersse-dl.ece.ubc.ca/record/5
2005-10-16